git.ipfire.org Git - thirdparty/bugzilla.git/commit

]> git.ipfire.org Git - thirdparty/bugzilla.git/commit

projects / thirdparty / bugzilla.git / commit

author	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 24 Jan 2011 18:38:50 +0000 (19:38 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 24 Jan 2011 18:38:50 +0000 (19:38 +0100)
commit	ae718be5e742aa62a03ecbd77917547d0043b19d
tree	39bcb71c411c9c29fbbe42ac51de45e353300f9f	tree \| snapshot
parent	777d754f30dfc0c70806f8e8aa2808dfd5818b9a	commit \| diff

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit

Bugzilla/Template.pm		diff \| blob \| blame \| history
template/en/default/bug/edit.html.tmpl		diff \| blob \| blame \| history
template/en/default/bug/show-multiple.html.tmpl		diff \| blob \| blame \| history

Mirror of https://github.com/bugzilla/bugzilla.git

RSS Atom